aboutsummaryrefslogtreecommitdiffstats
path: root/src/cert/x509
diff options
context:
space:
mode:
Diffstat (limited to 'src/cert/x509')
-rw-r--r--src/cert/x509/certstor.cpp8
-rw-r--r--src/cert/x509/certstor.h8
-rw-r--r--src/cert/x509/crl_ent.cpp3
-rw-r--r--src/cert/x509/crl_ent.h4
-rw-r--r--src/cert/x509/pkcs10.cpp17
-rw-r--r--src/cert/x509/pkcs10.h8
-rw-r--r--src/cert/x509/x509_ca.cpp99
-rw-r--r--src/cert/x509/x509_ca.h8
-rw-r--r--src/cert/x509/x509_crl.cpp10
-rw-r--r--src/cert/x509/x509_crl.h12
-rw-r--r--src/cert/x509/x509_ext.cpp62
-rw-r--r--src/cert/x509/x509_ext.h52
-rw-r--r--src/cert/x509/x509_obj.cpp30
-rw-r--r--src/cert/x509/x509_obj.h18
-rw-r--r--src/cert/x509/x509cert.cpp141
-rw-r--r--src/cert/x509/x509cert.h21
-rw-r--r--src/cert/x509/x509opt.cpp8
-rw-r--r--src/cert/x509/x509path.cpp2
-rw-r--r--src/cert/x509/x509path.h5
-rw-r--r--src/cert/x509/x509self.cpp23
20 files changed, 320 insertions, 219 deletions
diff --git a/src/cert/x509/certstor.cpp b/src/cert/x509/certstor.cpp
index de27361ed..293072785 100644
--- a/src/cert/x509/certstor.cpp
+++ b/src/cert/x509/certstor.cpp
@@ -32,7 +32,7 @@ void Certificate_Store_In_Memory::add_certificate(const X509_Certificate& cert)
std::vector<X509_Certificate>
Certificate_Store_In_Memory::find_cert_by_subject_and_key_id(
const X509_DN& subject_dn,
- const MemoryRegion<byte>& key_id) const
+ const std::vector<byte>& key_id) const
{
std::vector<X509_Certificate> result;
@@ -41,7 +41,7 @@ Certificate_Store_In_Memory::find_cert_by_subject_and_key_id(
// Only compare key ids if set in both call and in the cert
if(key_id.size())
{
- MemoryVector<byte> skid = certs[i].subject_key_id();
+ std::vector<byte> skid = certs[i].subject_key_id();
if(skid.size() && skid != key_id) // no match
continue;
@@ -76,7 +76,7 @@ void Certificate_Store_In_Memory::add_crl(const X509_CRL& crl)
std::vector<X509_CRL>
Certificate_Store_In_Memory::find_crl_by_issuer_and_key_id(
const X509_DN& issuer_dn,
- const MemoryRegion<byte>& key_id) const
+ const std::vector<byte>& key_id) const
{
std::vector<X509_CRL> result;
@@ -85,7 +85,7 @@ Certificate_Store_In_Memory::find_crl_by_issuer_and_key_id(
// Only compare key ids if set in both call and in the CRL
if(key_id.size())
{
- MemoryVector<byte> akid = crls[i].authority_key_id();
+ std::vector<byte> akid = crls[i].authority_key_id();
if(akid.size() && akid != key_id) // no match
continue;
diff --git a/src/cert/x509/certstor.h b/src/cert/x509/certstor.h
index e2727c569..584259f8c 100644
--- a/src/cert/x509/certstor.h
+++ b/src/cert/x509/certstor.h
@@ -39,7 +39,7 @@ class BOTAN_DLL Certificate_Store
virtual std::vector<X509_Certificate>
find_cert_by_subject_and_key_id(
const X509_DN& subject_dn,
- const MemoryRegion<byte>& key_id) const = 0;
+ const std::vector<byte>& key_id) const = 0;
/**
* Find CRLs by the DN and key id of the issuer
@@ -47,7 +47,7 @@ class BOTAN_DLL Certificate_Store
virtual std::vector<X509_CRL>
find_crl_by_issuer_and_key_id(
const X509_DN& issuer_dn,
- const MemoryRegion<byte>& key_id) const = 0;
+ const std::vector<byte>& key_id) const = 0;
};
/**
@@ -62,11 +62,11 @@ class BOTAN_DLL Certificate_Store_In_Memory : public Certificate_Store
std::vector<X509_Certificate> find_cert_by_subject_and_key_id(
const X509_DN& subject_dn,
- const MemoryRegion<byte>& key_id) const;
+ const std::vector<byte>& key_id) const;
std::vector<X509_CRL> find_crl_by_issuer_and_key_id(
const X509_DN& issuer_dn,
- const MemoryRegion<byte>& key_id) const;
+ const std::vector<byte>& key_id) const;
Certificate_Store_In_Memory() {}
private:
diff --git a/src/cert/x509/crl_ent.cpp b/src/cert/x509/crl_ent.cpp
index d566637f6..a5663e6bb 100644
--- a/src/cert/x509/crl_ent.cpp
+++ b/src/cert/x509/crl_ent.cpp
@@ -11,7 +11,6 @@
#include <botan/ber_dec.h>
#include <botan/bigint.h>
#include <botan/oids.h>
-#include <botan/time.h>
namespace Botan {
@@ -31,7 +30,7 @@ CRL_Entry::CRL_Entry(const X509_Certificate& cert, CRL_Code why) :
throw_on_unknown_critical(false)
{
serial = cert.serial_number();
- time = X509_Time(system_time());
+ time = X509_Time(std::chrono::system_clock::now());
reason = why;
}
diff --git a/src/cert/x509/crl_ent.h b/src/cert/x509/crl_ent.h
index ae9535484..769519f78 100644
--- a/src/cert/x509/crl_ent.h
+++ b/src/cert/x509/crl_ent.h
@@ -45,7 +45,7 @@ class BOTAN_DLL CRL_Entry : public ASN1_Object
* Get the serial number of the certificate associated with this entry.
* @return certificate's serial number
*/
- MemoryVector<byte> serial_number() const { return serial; }
+ std::vector<byte> serial_number() const { return serial; }
/**
* Get the revocation date of the certificate associated with this entry
@@ -74,7 +74,7 @@ class BOTAN_DLL CRL_Entry : public ASN1_Object
private:
bool throw_on_unknown_critical;
- MemoryVector<byte> serial;
+ std::vector<byte> serial;
X509_Time time;
CRL_Code reason;
};
diff --git a/src/cert/x509/pkcs10.cpp b/src/cert/x509/pkcs10.cpp
index 784318d3d..c67f74142 100644
--- a/src/cert/x509/pkcs10.cpp
+++ b/src/cert/x509/pkcs10.cpp
@@ -35,6 +35,15 @@ PKCS10_Request::PKCS10_Request(const std::string& in) :
}
/*
+* PKCS10_Request Constructor
+*/
+PKCS10_Request::PKCS10_Request(const std::vector<byte>& in) :
+ X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST")
+ {
+ do_decode();
+ }
+
+/*
* Deocde the CertificateRequestInfo
*/
void PKCS10_Request::force_decode()
@@ -45,7 +54,7 @@ void PKCS10_Request::force_decode()
cert_req_info.decode(version);
if(version != 0)
throw Decoding_Error("Unknown version code in PKCS #10 request: " +
- to_string(version));
+ std::to_string(version));
X509_DN dn_subject;
cert_req_info.decode(dn_subject);
@@ -59,7 +68,7 @@ void PKCS10_Request::force_decode()
info.add("X509.Certificate.public_key",
PEM_Code::encode(
- ASN1::put_in_sequence(public_key.value),
+ ASN1::put_in_sequence(unlock(public_key.value)),
"PUBLIC KEY"
)
);
@@ -136,10 +145,10 @@ X509_DN PKCS10_Request::subject_dn() const
/*
* Return the public key of the requestor
*/
-MemoryVector<byte> PKCS10_Request::raw_public_key() const
+std::vector<byte> PKCS10_Request::raw_public_key() const
{
DataSource_Memory source(info.get1("X509.Certificate.public_key"));
- return PEM_Code::decode_check_label(source, "PUBLIC KEY");
+ return unlock(PEM_Code::decode_check_label(source, "PUBLIC KEY"));
}
/*
diff --git a/src/cert/x509/pkcs10.h b/src/cert/x509/pkcs10.h
index 065dfbdc0..974ea0070 100644
--- a/src/cert/x509/pkcs10.h
+++ b/src/cert/x509/pkcs10.h
@@ -33,7 +33,7 @@ class BOTAN_DLL PKCS10_Request : public X509_Object
* Get the raw DER encoded public key.
* @return raw DER encoded public key
*/
- MemoryVector<byte> raw_public_key() const;
+ std::vector<byte> raw_public_key() const;
/**
* Get the subject DN.
@@ -91,6 +91,12 @@ class BOTAN_DLL PKCS10_Request : public X509_Object
* encoded request file
*/
PKCS10_Request(const std::string& filename);
+
+ /**
+ * Create a PKCS#10 Request from binary data.
+ * @param vec a std::vector containing the DER value
+ */
+ PKCS10_Request(const std::vector<byte>& vec);
private:
void force_decode();
void handle_attribute(const Attribute&);
diff --git a/src/cert/x509/x509_ca.cpp b/src/cert/x509/x509_ca.cpp
index 77e066533..9633d1466 100644
--- a/src/cert/x509/x509_ca.cpp
+++ b/src/cert/x509/x509_ca.cpp
@@ -57,8 +57,8 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req,
constraints = Key_Constraints(KEY_CERT_SIGN | CRL_SIGN);
else
{
- std::auto_ptr<Public_Key> key(req.subject_public_key());
- constraints = find_constraints(*key, req.constraints());
+ std::unique_ptr<Public_Key> key(req.subject_public_key());
+ constraints = X509::find_constraints(*key, req.constraints());
}
Extensions extensions;
@@ -91,7 +91,7 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req,
X509_Certificate X509_CA::make_cert(PK_Signer* signer,
RandomNumberGenerator& rng,
const AlgorithmIdentifier& sig_algo,
- const MemoryRegion<byte>& pub_key,
+ const std::vector<byte>& pub_key,
const X509_Time& not_before,
const X509_Time& not_after,
const X509_DN& issuer_dn,
@@ -103,35 +103,35 @@ X509_Certificate X509_CA::make_cert(PK_Signer* signer,
BigInt serial_no(rng, SERIAL_BITS);
- DataSource_Memory source(X509_Object::make_signed(signer, rng, sig_algo,
- DER_Encoder().start_cons(SEQUENCE)
- .start_explicit(0)
- .encode(X509_CERT_VERSION-1)
- .end_explicit()
+ const std::vector<byte> cert = X509_Object::make_signed(
+ signer, rng, sig_algo,
+ DER_Encoder().start_cons(SEQUENCE)
+ .start_explicit(0)
+ .encode(X509_CERT_VERSION-1)
+ .end_explicit()
- .encode(serial_no)
+ .encode(serial_no)
- .encode(sig_algo)
- .encode(issuer_dn)
+ .encode(sig_algo)
+ .encode(issuer_dn)
- .start_cons(SEQUENCE)
- .encode(not_before)
- .encode(not_after)
- .end_cons()
+ .start_cons(SEQUENCE)
+ .encode(not_before)
+ .encode(not_after)
+ .end_cons()
- .encode(subject_dn)
- .raw_bytes(pub_key)
+ .encode(subject_dn)
+ .raw_bytes(pub_key)
- .start_explicit(3)
- .start_cons(SEQUENCE)
- .encode(extensions)
- .end_cons()
- .end_explicit()
- .end_cons()
- .get_contents()
- ));
+ .start_explicit(3)
+ .start_cons(SEQUENCE)
+ .encode(extensions)
+ .end_cons()
+ .end_explicit()
+ .end_cons()
+ .get_contents());
- return X509_Certificate(source);
+ return X509_Certificate(cert);
}
/*
@@ -173,36 +173,37 @@ X509_CRL X509_CA::make_crl(const std::vector<CRL_Entry>& revoked,
next_update = timespec_to_u32bit("7d");
// Totally stupid: ties encoding logic to the return of std::time!!
- const u64bit current_time = system_time();
+ auto current_time = std::chrono::system_clock::now();
+ auto expire_time = current_time + std::chrono::seconds(next_update);
Extensions extensions;
extensions.add(
new Cert_Extension::Authority_Key_ID(cert.subject_key_id()));
extensions.add(new Cert_Extension::CRL_Number(crl_number));
- DataSource_Memory source(X509_Object::make_signed(signer, rng, ca_sig_algo,
- DER_Encoder().start_cons(SEQUENCE)
- .encode(X509_CRL_VERSION-1)
- .encode(ca_sig_algo)
- .encode(cert.issuer_dn())
- .encode(X509_Time(current_time))
- .encode(X509_Time(current_time + next_update))
- .encode_if(revoked.size() > 0,
- DER_Encoder()
- .start_cons(SEQUENCE)
- .encode_list(revoked)
- .end_cons()
- )
- .start_explicit(0)
- .start_cons(SEQUENCE)
- .encode(extensions)
- .end_cons()
- .end_explicit()
- .end_cons()
- .get_contents()
- ));
+ const std::vector<byte> crl = X509_Object::make_signed(
+ signer, rng, ca_sig_algo,
+ DER_Encoder().start_cons(SEQUENCE)
+ .encode(X509_CRL_VERSION-1)
+ .encode(ca_sig_algo)
+ .encode(cert.issuer_dn())
+ .encode(X509_Time(current_time))
+ .encode(X509_Time(expire_time))
+ .encode_if(revoked.size() > 0,
+ DER_Encoder()
+ .start_cons(SEQUENCE)
+ .encode_list(revoked)
+ .end_cons()
+ )
+ .start_explicit(0)
+ .start_cons(SEQUENCE)
+ .encode(extensions)
+ .end_cons()
+ .end_explicit()
+ .end_cons()
+ .get_contents());
- return X509_CRL(source);
+ return X509_CRL(crl);
}
/*
diff --git a/src/cert/x509/x509_ca.h b/src/cert/x509/x509_ca.h
index 97be6a415..d37b02eaf 100644
--- a/src/cert/x509/x509_ca.h
+++ b/src/cert/x509/x509_ca.h
@@ -82,7 +82,7 @@ class BOTAN_DLL X509_CA
static X509_Certificate make_cert(PK_Signer* signer,
RandomNumberGenerator& rng,
const AlgorithmIdentifier& sig_algo,
- const MemoryRegion<byte>& pub_key,
+ const std::vector<byte>& pub_key,
const X509_Time& not_before,
const X509_Time& not_after,
const X509_DN& issuer_dn,
@@ -99,11 +99,11 @@ class BOTAN_DLL X509_CA
const Private_Key& key,
const std::string& hash_fn);
+ X509_CA(const X509_CA&) = delete;
+ X509_CA& operator=(const X509_CA&) = delete;
+
~X509_CA();
private:
- X509_CA(const X509_CA&) {}
- X509_CA& operator=(const X509_CA&) { return (*this); }
-
X509_CRL make_crl(const std::vector<CRL_Entry>& entries,
u32bit crl_number, u32bit next_update,
RandomNumberGenerator& rng) const;
diff --git a/src/cert/x509/x509_crl.cpp b/src/cert/x509/x509_crl.cpp
index 9c6b891c7..1d6393470 100644
--- a/src/cert/x509/x509_crl.cpp
+++ b/src/cert/x509/x509_crl.cpp
@@ -33,6 +33,12 @@ X509_CRL::X509_CRL(const std::string& in, bool touc) :
do_decode();
}
+X509_CRL::X509_CRL(const std::vector<byte>& in, bool touc) :
+ X509_Object(in, "CRL/X509 CRL"), throw_on_unknown_critical(touc)
+ {
+ do_decode();
+ }
+
/**
* Check if this particular certificate is listed in the CRL
*/
@@ -82,7 +88,7 @@ void X509_CRL::force_decode()
if(version != 0 && version != 1)
throw X509_CRL_Error("Unknown X.509 CRL version " +
- to_string(version+1));
+ std::to_string(version+1));
AlgorithmIdentifier sig_algo_inner;
tbs_crl.decode(sig_algo_inner);
@@ -153,7 +159,7 @@ X509_DN X509_CRL::issuer_dn() const
/*
* Return the key identifier of the issuer
*/
-MemoryVector<byte> X509_CRL::authority_key_id() const
+std::vector<byte> X509_CRL::authority_key_id() const
{
return info.get1_memvec("X509v3.AuthorityKeyIdentifier");
}
diff --git a/src/cert/x509/x509_crl.h b/src/cert/x509/x509_crl.h
index 55eb8424b..3e45df121 100644
--- a/src/cert/x509/x509_crl.h
+++ b/src/cert/x509/x509_crl.h
@@ -52,7 +52,7 @@ class BOTAN_DLL X509_CRL : public X509_Object
* Get the AuthorityKeyIdentifier of this CRL.
* @return this CRLs AuthorityKeyIdentifier
*/
- MemoryVector<byte> authority_key_id() const;
+ std::vector<byte> authority_key_id() const;
/**
* Get the serial number of this CRL.
@@ -88,6 +88,16 @@ class BOTAN_DLL X509_CRL : public X509_Object
*/
X509_CRL(const std::string& filename,
bool throw_on_unknown_critical = false);
+
+ /**
+ * Construct a CRL from a binary vector
+ * @param vec the binary (DER) representation of the CRL
+ * @param throw_on_unknown_critical should we throw an exception
+ * if an unknown CRL extension marked as critical is encountered.
+ */
+ X509_CRL(const std::vector<byte>& vec,
+ bool throw_on_unknown_critical = false);
+
private:
void force_decode();
diff --git a/src/cert/x509/x509_ext.cpp b/src/cert/x509/x509_ext.cpp
index 6e0befaf3..919fb790a 100644
--- a/src/cert/x509/x509_ext.cpp
+++ b/src/cert/x509/x509_ext.cpp
@@ -36,7 +36,7 @@ Certificate_Extension* Extensions::get_extension(const OID& oid)
X509_EXTENSION("X509v3.CertificatePolicies", Certificate_Policies);
X509_EXTENSION("X509v3.ReasonCode", CRL_ReasonCode);
- return 0;
+ return nullptr;
}
/*
@@ -114,7 +114,7 @@ void Extensions::decode_from(BER_Decoder& from_source)
while(sequence.more_items())
{
OID oid;
- MemoryVector<byte> value;
+ std::vector<byte> value;
bool critical;
sequence.start_cons(SEQUENCE)
@@ -176,7 +176,7 @@ size_t Basic_Constraints::get_path_limit() const
/*
* Encode the extension
*/
-MemoryVector<byte> Basic_Constraints::encode_inner() const
+std::vector<byte> Basic_Constraints::encode_inner() const
{
return DER_Encoder()
.start_cons(SEQUENCE)
@@ -186,13 +186,13 @@ MemoryVector<byte> Basic_Constraints::encode_inner() const
.encode_optional(path_limit, NO_CERT_PATH_LIMIT)
)
.end_cons()
- .get_contents();
+ .get_contents_unlocked();
}
/*
* Decode the extension
*/
-void Basic_Constraints::decode_inner(const MemoryRegion<byte>& in)
+void Basic_Constraints::decode_inner(const std::vector<byte>& in)
{
BER_Decoder(in)
.start_cons(SEQUENCE)
@@ -217,14 +217,14 @@ void Basic_Constraints::contents_to(Data_Store& subject, Data_Store&) const
/*
* Encode the extension
*/
-MemoryVector<byte> Key_Usage::encode_inner() const
+std::vector<byte> Key_Usage::encode_inner() const
{
if(constraints == NO_CONSTRAINTS)
throw Encoding_Error("Cannot encode zero usage constraints");
const size_t unused_bits = low_bit(constraints) - 1;
- MemoryVector<byte> der;
+ std::vector<byte> der;
der.push_back(BIT_STRING);
der.push_back(2 + ((unused_bits < 8) ? 1 : 0));
der.push_back(unused_bits % 8);
@@ -238,7 +238,7 @@ MemoryVector<byte> Key_Usage::encode_inner() const
/*
* Decode the extension
*/
-void Key_Usage::decode_inner(const MemoryRegion<byte>& in)
+void Key_Usage::decode_inner(const std::vector<byte>& in)
{
BER_Decoder ber(in);
@@ -274,15 +274,15 @@ void Key_Usage::contents_to(Data_Store& subject, Data_Store&) const
/*
* Encode the extension
*/
-MemoryVector<byte> Subject_Key_ID::encode_inner() const
+std::vector<byte> Subject_Key_ID::encode_inner() const
{
- return DER_Encoder().encode(key_id, OCTET_STRING).get_contents();
+ return DER_Encoder().encode(key_id, OCTET_STRING).get_contents_unlocked();
}
/*
* Decode the extension
*/
-void Subject_Key_ID::decode_inner(const MemoryRegion<byte>& in)
+void Subject_Key_ID::decode_inner(const std::vector<byte>& in)
{
BER_Decoder(in).decode(key_id, OCTET_STRING).verify_end();
}
@@ -298,28 +298,28 @@ void Subject_Key_ID::contents_to(Data_Store& subject, Data_Store&) const
/*
* Subject_Key_ID Constructor
*/
-Subject_Key_ID::Subject_Key_ID(const MemoryRegion<byte>& pub_key)
+Subject_Key_ID::Subject_Key_ID(const std::vector<byte>& pub_key)
{
SHA_160 hash;
- key_id = hash.process(pub_key);
+ key_id = unlock(hash.process(pub_key));
}
/*
* Encode the extension
*/
-MemoryVector<byte> Authority_Key_ID::encode_inner() const
+std::vector<byte> Authority_Key_ID::encode_inner() const
{
return DER_Encoder()
.start_cons(SEQUENCE)
.encode(key_id, OCTET_STRING, ASN1_Tag(0), CONTEXT_SPECIFIC)
.end_cons()
- .get_contents();
+ .get_contents_unlocked();
}
/*
* Decode the extension
*/
-void Authority_Key_ID::decode_inner(const MemoryRegion<byte>& in)
+void Authority_Key_ID::decode_inner(const std::vector<byte>& in)
{
BER_Decoder(in)
.start_cons(SEQUENCE)
@@ -338,15 +338,15 @@ void Authority_Key_ID::contents_to(Data_Store&, Data_Store& issuer) const
/*
* Encode the extension
*/
-MemoryVector<byte> Alternative_Name::encode_inner() const
+std::vector<byte> Alternative_Name::encode_inner() const
{
- return DER_Encoder().encode(alt_name).get_contents();
+ return DER_Encoder().encode(alt_name).get_contents_unlocked();
}
/*
* Decode the extension
*/
-void Alternative_Name::decode_inner(const MemoryRegion<byte>& in)
+void Alternative_Name::decode_inner(const std::vector<byte>& in)
{
BER_Decoder(in).decode(alt_name);
}
@@ -404,19 +404,19 @@ Issuer_Alternative_Name::Issuer_Alternative_Name(const AlternativeName& name) :
/*
* Encode the extension
*/
-MemoryVector<byte> Extended_Key_Usage::encode_inner() const
+std::vector<byte> Extended_Key_Usage::encode_inner() const
{
return DER_Encoder()
.start_cons(SEQUENCE)
.encode_list(oids)
.end_cons()
- .get_contents();
+ .get_contents_unlocked();
}
/*
* Decode the extension
*/
-void Extended_Key_Usage::decode_inner(const MemoryRegion<byte>& in)
+void Extended_Key_Usage::decode_inner(const std::vector<byte>& in)
{
BER_Decoder(in)
.start_cons(SEQUENCE)
@@ -467,7 +467,7 @@ class Policy_Information : public ASN1_Object
/*
* Encode the extension
*/
-MemoryVector<byte> Certificate_Policies::encode_inner() const
+std::vector<byte> Certificate_Policies::encode_inner() const
{
std::vector<Policy_Information> policies;
@@ -478,13 +478,13 @@ MemoryVector<byte> Certificate_Policies::encode_inner() const
.start_cons(SEQUENCE)
.encode_list(policies)
.end_cons()
- .get_contents();
+ .get_contents_unlocked();
}
/*
* Decode the extension
*/
-void Certificate_Policies::decode_inner(const MemoryRegion<byte>& in)
+void Certificate_Policies::decode_inner(const std::vector<byte>& in)
{
std::vector<Policy_Information> policies;
@@ -530,15 +530,15 @@ CRL_Number* CRL_Number::copy() const
/*
* Encode the extension
*/
-MemoryVector<byte> CRL_Number::encode_inner() const
+std::vector<byte> CRL_Number::encode_inner() const
{
- return DER_Encoder().encode(crl_number).get_contents();
+ return DER_Encoder().encode(crl_number).get_contents_unlocked();
}
/*
* Decode the extension
*/
-void CRL_Number::decode_inner(const MemoryRegion<byte>& in)
+void CRL_Number::decode_inner(const std::vector<byte>& in)
{
BER_Decoder(in).decode(crl_number);
}
@@ -554,17 +554,17 @@ void CRL_Number::contents_to(Data_Store& info, Data_Store&) const
/*
* Encode the extension
*/
-MemoryVector<byte> CRL_ReasonCode::encode_inner() const
+std::vector<byte> CRL_ReasonCode::encode_inner() const
{
return DER_Encoder()
.encode(static_cast<size_t>(reason), ENUMERATED, UNIVERSAL)
- .get_contents();
+ .get_contents_unlocked();
}
/*
* Decode the extension
*/
-void CRL_ReasonCode::decode_inner(const MemoryRegion<byte>& in)
+void CRL_ReasonCode::decode_inner(const std::vector<byte>& in)
{
size_t reason_code = 0;
BER_Decoder(in).decode(reason_code, ENUMERATED, UNIVERSAL);
diff --git a/src/cert/x509/x509_ext.h b/src/cert/x509/x509_ext.h
index 714e29562..1e5d1adbb 100644
--- a/src/cert/x509/x509_ext.h
+++ b/src/cert/x509/x509_ext.h
@@ -56,8 +56,8 @@ class BOTAN_DLL Certificate_Extension
protected:
friend class Extensions;
virtual bool should_encode() const { return true; }
- virtual MemoryVector<byte> encode_inner() const = 0;
- virtual void decode_inner(const MemoryRegion<byte>&) = 0;
+ virtual std::vector<byte> encode_inner() const = 0;
+ virtual void decode_inner(const std::vector<byte>&) = 0;
};
/**
@@ -107,8 +107,8 @@ class BOTAN_DLL Basic_Constraints : public Certificate_Extension
std::string config_id() const { return "basic_constraints"; }
std::string oid_name() const { return "X509v3.BasicConstraints"; }
- MemoryVector<byte> encode_inner() const;
- void decode_inner(const MemoryRegion<byte>&);
+ std::vector<byte> encode_inner() const;
+ void decode_inner(const std::vector<byte>&);
void contents_to(Data_Store&, Data_Store&) const;
bool is_ca;
@@ -131,8 +131,8 @@ class BOTAN_DLL Key_Usage : public Certificate_Extension
std::string oid_name() const { return "X509v3.KeyUsage"; }
bool should_encode() const { return (constraints != NO_CONSTRAINTS); }
- MemoryVector<byte> encode_inner() const;
- void decode_inner(const MemoryRegion<byte>&);
+ std::vector<byte> encode_inner() const;
+ void decode_inner(const std::vector<byte>&);
void contents_to(Data_Store&, Data_Store&) const;
Key_Constraints constraints;
@@ -147,19 +147,19 @@ class BOTAN_DLL Subject_Key_ID : public Certificate_Extension
Subject_Key_ID* copy() const { return new Subject_Key_ID(key_id); }
Subject_Key_ID() {}
- Subject_Key_ID(const MemoryRegion<byte>&);
+ Subject_Key_ID(const std::vector<byte>&);
- MemoryVector<byte> get_key_id() const { return key_id; }
+ std::vector<byte> get_key_id() const { return key_id; }
private:
std::string config_id() const { return "subject_key_id"; }
std::string oid_name() const { return "X509v3.SubjectKeyIdentifier"; }
bool should_encode() const { return (key_id.size() > 0); }
- MemoryVector<byte> encode_inner() const;
- void decode_inner(const MemoryRegion<byte>&);
+ std::vector<byte> encode_inner() const;
+ void decode_inner(const std::vector<byte>&);
void contents_to(Data_Store&, Data_Store&) const;
- MemoryVector<byte> key_id;
+ std::vector<byte> key_id;
};
/**
@@ -171,19 +171,19 @@ class BOTAN_DLL Authority_Key_ID : public Certificate_Extension
Authority_Key_ID* copy() const { return new Authority_Key_ID(key_id); }
Authority_Key_ID() {}
- Authority_Key_ID(const MemoryRegion<byte>& k) : key_id(k) {}
+ Authority_Key_ID(const std::vector<byte>& k) : key_id(k) {}
- MemoryVector<byte> get_key_id() const { return key_id; }
+ std::vector<byte> get_key_id() const { return key_id; }
private:
std::string config_id() const { return "authority_key_id"; }
std::string oid_name() const { return "X509v3.AuthorityKeyIdentifier"; }
bool should_encode() const { return (key_id.size() > 0); }
- MemoryVector<byte> encode_inner() const;
- void decode_inner(const MemoryRegion<byte>&);
+ std::vector<byte> encode_inner() const;
+ void decode_inner(const std::vector<byte>&);
void contents_to(Data_Store&, Data_Store&) const;
- MemoryVector<byte> key_id;
+ std::vector<byte> key_id;
};
/**
@@ -204,8 +204,8 @@ class BOTAN_DLL Alternative_Name : public Certificate_Extension
std::string oid_name() const { return oid_name_str; }
bool should_encode() const { return alt_name.has_items(); }
- MemoryVector<byte> encode_inner() const;
- void decode_inner(const MemoryRegion<byte>&);
+ std::vector<byte> encode_inner() const;
+ void decode_inner(const std::vector<byte>&);
void contents_to(Data_Store&, Data_Store&) const;
std::string config_name_str, oid_name_str;
@@ -253,8 +253,8 @@ class BOTAN_DLL Extended_Key_Usage : public Certificate_Extension
std::string oid_name() const { return "X509v3.ExtendedKeyUsage"; }
bool should_encode() const { return (oids.size() > 0); }
- MemoryVector<byte> encode_inner() const;
- void decode_inner(const MemoryRegion<byte>&);
+ std::vector<byte> encode_inner() const;
+ void decode_inner(const std::vector<byte>&);
void contents_to(Data_Store&, Data_Store&) const;
std::vector<OID> oids;
@@ -278,8 +278,8 @@ class BOTAN_DLL Certificate_Policies : public Certificate_Extension
std::string oid_name() const { return "X509v3.CertificatePolicies"; }
bool should_encode() const { return (oids.size() > 0); }
- MemoryVector<byte> encode_inner() const;
- void decode_inner(const MemoryRegion<byte>&);
+ std::vector<byte> encode_inner() const;
+ void decode_inner(const std::vector<byte>&);
void contents_to(Data_Store&, Data_Store&) const;
std::vector<OID> oids;
@@ -302,8 +302,8 @@ class BOTAN_DLL CRL_Number : public Certificate_Extension
std::string oid_name() const { return "X509v3.CRLNumber"; }
bool should_encode() const { return has_value; }
- MemoryVector<byte> encode_inner() const;
- void decode_inner(const MemoryRegion<byte>&);
+ std::vector<byte> encode_inner() const;
+ void decode_inner(const std::vector<byte>&);
void contents_to(Data_Store&, Data_Store&) const;
bool has_value;
@@ -326,8 +326,8 @@ class BOTAN_DLL CRL_ReasonCode : public Certificate_Extension
std::string oid_name() const { return "X509v3.ReasonCode"; }
bool should_encode() const { return (reason != UNSPECIFIED); }
- MemoryVector<byte> encode_inner() const;
- void decode_inner(const MemoryRegion<byte>&);
+ std::vector<byte> encode_inner() const;
+ void decode_inner(const std::vector<byte>&);
void contents_to(Data_Store&, Data_Store&) const;
CRL_Code reason;
diff --git a/src/cert/x509/x509_obj.cpp b/src/cert/x509/x509_obj.cpp
index 670bd8da6..af8be0384 100644
--- a/src/cert/x509/x509_obj.cpp
+++ b/src/cert/x509/x509_obj.cpp
@@ -16,8 +16,6 @@
#include <algorithm>
#include <memory>
-#include <stdio.h>
-
namespace Botan {
/*
@@ -29,7 +27,7 @@ X509_Object::X509_Object(DataSource& stream, const std::string& labels)
}
/*
-* Createa a generic X.509 object
+* Create a generic X.509 object
*/
X509_Object::X509_Object(const std::string& file, const std::string& labels)
{
@@ -38,6 +36,15 @@ X509_Object::X509_Object(const std::string& file, const std::string& labels)
}
/*
+* Create a generic X.509 object
+*/
+X509_Object::X509_Object(const std::vector<byte>& vec, const std::string& labels)
+ {
+ DataSource_Memory stream(&vec[0], vec.size());
+ init(stream, labels);
+ }
+
+/*
* Read a PEM or BER X.509 object
*/
void X509_Object::init(DataSource& in, const std::string& labels)
@@ -99,7 +106,7 @@ void X509_Object::encode(Pipe& out, X509_Encoding encoding) const
/*
* Return a BER encoded X.509 object
*/
-MemoryVector<byte> X509_Object::BER_encode() const
+std::vector<byte> X509_Object::BER_encode() const
{
return DER_Encoder()
.start_cons(SEQUENCE)
@@ -109,7 +116,7 @@ MemoryVector<byte> X509_Object::BER_encode() const
.encode(sig_algo)
.encode(sig, BIT_STRING)
.end_cons()
- .get_contents();
+ .get_contents_unlocked();
}
/*
@@ -123,7 +130,7 @@ std::string X509_Object::PEM_encode() const
/*
* Return the TBS data
*/
-MemoryVector<byte> X509_Object::tbs_data() const
+std::vector<byte> X509_Object::tbs_data() const
{
return ASN1::put_in_sequence(tbs_bits);
}
@@ -131,7 +138,7 @@ MemoryVector<byte> X509_Object::tbs_data() const
/*
* Return the signature of this object
*/
-MemoryVector<byte> X509_Object::signature() const
+std::vector<byte> X509_Object::signature() const
{
return sig;
}
@@ -170,7 +177,7 @@ std::string X509_Object::hash_used_for_signature() const
*/
bool X509_Object::check_signature(const Public_Key* pub_key) const
{
- std::auto_ptr<const Public_Key> key(pub_key);
+ std::unique_ptr<Public_Key> key(pub_key);
return check_signature(*key);
}
@@ -196,7 +203,6 @@ bool X509_Object::check_signature(const Public_Key& pub_key) const
}
catch(std::exception& e)
{
- printf("Failure during validation %s\n", e.what());
return false;
}
}
@@ -204,10 +210,10 @@ bool X509_Object::check_signature(const Public_Key& pub_key) const
/*
* Apply the X.509 SIGNED macro
*/
-MemoryVector<byte> X509_Object::make_signed(PK_Signer* signer,
+std::vector<byte> X509_Object::make_signed(PK_Signer* signer,
RandomNumberGenerator& rng,
const AlgorithmIdentifier& algo,
- const MemoryRegion<byte>& tbs_bits)
+ const secure_vector<byte>& tbs_bits)
{
return DER_Encoder()
.start_cons(SEQUENCE)
@@ -215,7 +221,7 @@ MemoryVector<byte> X509_Object::make_signed(PK_Signer* signer,
.encode(algo)
.encode(signer->sign_message(tbs_bits, rng), BIT_STRING)
.end_cons()
- .get_contents();
+ .get_contents_unlocked();
}
/*
diff --git a/src/cert/x509/x509_obj.h b/src/cert/x509/x509_obj.h
index e46e72ce3..e91389acf 100644
--- a/src/cert/x509/x509_obj.h
+++ b/src/cert/x509/x509_obj.h
@@ -27,12 +27,12 @@ class BOTAN_DLL X509_Object
* The underlying data that is to be or was signed
* @return data that is or was signed
*/
- MemoryVector<byte> tbs_data() const;
+ std::vector<byte> tbs_data() const;
/**
* @return signature on tbs_data()
*/
- MemoryVector<byte> signature() const;
+ std::vector<byte> signature() const;
/**
* @return signature algorithm that was used to generate signature
@@ -52,10 +52,10 @@ class BOTAN_DLL X509_Object
* @param tbs the tbs bits to be signed
* @return signed X509 object
*/
- static MemoryVector<byte> make_signed(class PK_Signer* signer,
- RandomNumberGenerator& rng,
- const AlgorithmIdentifier& alg_id,
- const MemoryRegion<byte>& tbs);
+ static std::vector<byte> make_signed(class PK_Signer* signer,
+ RandomNumberGenerator& rng,
+ const AlgorithmIdentifier& alg_id,
+ const secure_vector<byte>& tbs);
/**
* Check the signature on this data
@@ -75,7 +75,7 @@ class BOTAN_DLL X509_Object
/**
* @return BER encoding of this
*/
- MemoryVector<byte> BER_encode() const;
+ std::vector<byte> BER_encode() const;
/**
* @return PEM encoding of this
@@ -95,15 +95,17 @@ class BOTAN_DLL X509_Object
protected:
X509_Object(DataSource& src, const std::string& pem_labels);
X509_Object(const std::string& file, const std::string& pem_labels);
+ X509_Object(const std::vector<byte>& vec, const std::string& labels);
void do_decode();
X509_Object() {}
AlgorithmIdentifier sig_algo;
- MemoryVector<byte> tbs_bits, sig;
+ std::vector<byte> tbs_bits, sig;
private:
virtual void force_decode() = 0;
void init(DataSource&, const std::string&);
void decode_info(DataSource&);
+
std::vector<std::string> PEM_labels_allowed;
std::string PEM_label_pref;
};
diff --git a/src/cert/x509/x509cert.cpp b/src/cert/x509/x509cert.cpp
index 52115a1a8..d757c2b58 100644
--- a/src/cert/x509/x509cert.cpp
+++ b/src/cert/x509/x509cert.cpp
@@ -30,12 +30,8 @@ std::vector<std::string> lookup_oids(const std::vector<std::string>& in)
{
std::vector<std::string> out;
- std::vector<std::string>::const_iterator i = in.begin();
- while(i != in.end())
- {
+ for(auto i = in.begin(); i != in.end(); ++i)
out.push_back(OIDS::lookup(OID(*i)));
- ++i;
- }
return out;
}
@@ -62,6 +58,16 @@ X509_Certificate::X509_Certificate(const std::string& in) :
}
/*
+* X509_Certificate Constructor
+*/
+X509_Certificate::X509_Certificate(const std::vector<byte>& in) :
+ X509_Object(in, "CERTIFICATE/X509 CERTIFICATE")
+ {
+ self_signed = false;
+ do_decode();
+ }
+
+/*
* Decode the TBSCertificate data
*/
void X509_Certificate::force_decode()
@@ -87,7 +93,7 @@ void X509_Certificate::force_decode()
.decode(dn_subject);
if(version > 2)
- throw Decoding_Error("Unknown X.509 cert version " + Botan::to_string(version));
+ throw Decoding_Error("Unknown X.509 cert version " + std::to_string(version));
if(sig_algo != sig_algo_inner)
throw Decoding_Error("Algorithm identifier mismatch");
@@ -101,7 +107,7 @@ void X509_Certificate::force_decode()
throw BER_Bad_Tag("X509_Certificate: Unexpected tag for public key",
public_key.type_tag, public_key.class_tag);
- MemoryVector<byte> v2_issuer_key_id, v2_subject_key_id;
+ std::vector<byte> v2_issuer_key_id, v2_subject_key_id;
tbs_cert.decode_optional_string(v2_issuer_key_id, BIT_STRING, 1);
tbs_cert.decode_optional_string(v2_subject_key_id, BIT_STRING, 2);
@@ -133,7 +139,7 @@ void X509_Certificate::force_decode()
subject.add("X509.Certificate.public_key",
PEM_Code::encode(
- ASN1::put_in_sequence(public_key.value),
+ ASN1::put_in_sequence(unlock(public_key.value)),
"PUBLIC KEY"
)
);
@@ -253,7 +259,7 @@ std::vector<std::string> X509_Certificate::policies() const
/*
* Return the authority key id
*/
-MemoryVector<byte> X509_Certificate::authority_key_id() const
+std::vector<byte> X509_Certificate::authority_key_id() const
{
return issuer.get1_memvec("X509v3.AuthorityKeyIdentifier");
}
@@ -261,7 +267,7 @@ MemoryVector<byte> X509_Certificate::authority_key_id() const
/*
* Return the subject key id
*/
-MemoryVector<byte> X509_Certificate::subject_key_id() const
+std::vector<byte> X509_Certificate::subject_key_id() const
{
return subject.get1_memvec("X509v3.SubjectKeyIdentifier");
}
@@ -269,7 +275,7 @@ MemoryVector<byte> X509_Certificate::subject_key_id() const
/*
* Return the certificate serial number
*/
-MemoryVector<byte> X509_Certificate::serial_number() const
+std::vector<byte> X509_Certificate::serial_number() const
{
return subject.get1_memvec("X509.Certificate.serial");
}
@@ -290,6 +296,50 @@ X509_DN X509_Certificate::subject_dn() const
return create_dn(subject);
}
+namespace {
+
+bool cert_subject_dns_match(const std::string& name,
+ const std::vector<std::string>& cert_names)
+ {
+ for(size_t i = 0; i != cert_names.size(); ++i)
+ {
+ const std::string cn = cert_names[i];
+
+ if(cn == name)
+ return true;
+
+ /*
+ * Possible wildcard match. We only support the most basic form of
+ * cert wildcarding ala RFC 2595
+ */
+ if(cn.size() > 2 && cn[0] == '*' && cn[1] == '.' && name.size() > cn.size())
+ {
+ const std::string base = cn.substr(1, std::string::npos);
+
+ if(name.compare(name.size() - base.size(), base.size(), base) == 0)
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+}
+
+bool X509_Certificate::matches_dns_name(const std::string& name) const
+ {
+ if(name == "")
+ return false;
+
+ if(cert_subject_dns_match(name, subject_info("DNS")))
+ return true;
+
+ if(cert_subject_dns_match(name, subject_info("Name")))
+ return true;
+
+ return false;
+ }
+
/*
* Compare two certificates for equality
*/
@@ -302,6 +352,24 @@ bool X509_Certificate::operator==(const X509_Certificate& other) const
subject == other.subject);
}
+bool X509_Certificate::operator<(const X509_Certificate& other) const
+ {
+ /* If signature values are not equal, sort by lexicographic ordering of that */
+ if(sig != other.sig)
+ {
+ if(sig < other.sig)
+ return true;
+ return false;
+ }
+
+ /*
+ * same signatures, highly unlikely case, revert to compare
+ * of entire contents
+ */
+
+ return to_string() < other.to_string();
+ }
+
/*
* X.509 Certificate Comparison
*/
@@ -323,7 +391,7 @@ std::string X509_Certificate::to_string() const
"DNS",
"URI",
"PKIX.XMPPAddr",
- 0 };
+ nullptr };
std::ostringstream out;
@@ -419,24 +487,15 @@ std::string X509_Certificate::to_string() const
*/
X509_DN create_dn(const Data_Store& info)
{
- class DN_Matcher : public Data_Store::Matcher
+ auto names = info.search_for(
+ [](const std::string& key, const std::string&)
{
- public:
- bool operator()(const std::string& key, const std::string&) const
- {
- if(key.find("X520.") != std::string::npos)
- return true;
- return false;
- }
- };
-
- std::multimap<std::string, std::string> names =
- info.search_with(DN_Matcher());
+ return (key.find("X520.") != std::string::npos);
+ });
X509_DN dn;
- std::multimap<std::string, std::string>::iterator i;
- for(i = names.begin(); i != names.end(); ++i)
+ for(auto i = names.begin(); i != names.end(); ++i)
dn.add_attribute(i->first, i->second);
return dn;
@@ -447,32 +506,18 @@ X509_DN create_dn(const Data_Store& info)
*/
AlternativeName create_alt_name(const Data_Store& info)
{
- class AltName_Matcher : public Data_Store::Matcher
+ auto names = info.search_for(
+ [](const std::string& key, const std::string&)
{
- public:
- bool operator()(const std::string& key, const std::string&) const
- {
- for(size_t i = 0; i != matches.size(); ++i)
- if(key.compare(matches[i]) == 0)
- return true;
- return false;
- }
-
- AltName_Matcher(const std::string& match_any_of)
- {
- matches = split_on(match_any_of, '/');
- }
- private:
- std::vector<std::string> matches;
- };
-
- std::multimap<std::string, std::string> names =
- info.search_with(AltName_Matcher("RFC822/DNS/URI/IP"));
+ return (key == "RFC822" ||
+ key == "DNS" ||
+ key == "URI" ||
+ key == "IP");
+ });
AlternativeName alt_name;
- std::multimap<std::string, std::string>::iterator i;
- for(i = names.begin(); i != names.end(); ++i)
+ for(auto i = names.begin(); i != names.end(); ++i)
alt_name.add_attribute(i->first, i->second);
return alt_name;
diff --git a/src/cert/x509/x509cert.h b/src/cert/x509/x509cert.h
index 6a4fd6959..e204fb274 100644
--- a/src/cert/x509/x509cert.h
+++ b/src/cert/x509/x509cert.h
@@ -85,19 +85,19 @@ class BOTAN_DLL X509_Certificate : public X509_Object
* Get the serial number of this certificate.
* @return certificates serial number
*/
- MemoryVector<byte> serial_number() const;
+ std::vector<byte> serial_number() const;
/**
* Get the DER encoded AuthorityKeyIdentifier of this certificate.
* @return DER encoded AuthorityKeyIdentifier
*/
- MemoryVector<byte> authority_key_id() const;
+ std::vector<byte> authority_key_id() const;
/**
* Get the DER encoded SubjectKeyIdentifier of this certificate.
* @return DER encoded SubjectKeyIdentifier
*/
- MemoryVector<byte> subject_key_id() const;
+ std::vector<byte> subject_key_id() const;
/**
* Check whether this certificate is self signed.
@@ -148,12 +148,24 @@ class BOTAN_DLL X509_Certificate : public X509_Object
std::string to_string() const;
/**
+ * Check if a certain DNS name matches up with the information in
+ * the cert
+ */
+ bool matches_dns_name(const std::string& name) const;
+
+ /**
* Check to certificates for equality.
* @return true both certificates are (binary) equal
*/
bool operator==(const X509_Certificate& other) const;
/**
+ * Impose an arbitrary (but consistent) ordering
+ * @return true if this is less than other by some unspecified criteria
+ */
+ bool operator<(const X509_Certificate& other) const;
+
+ /**
* Create a certificate from a data source providing the DER or
* PEM encoded certificate.
* @param source the data source
@@ -166,6 +178,9 @@ class BOTAN_DLL X509_Certificate : public X509_Object
* @param filename the name of the certificate file
*/
X509_Certificate(const std::string& filename);
+
+ X509_Certificate(const std::vector<byte>& in);
+
private:
void force_decode();
friend class X509_CA;
diff --git a/src/cert/x509/x509opt.cpp b/src/cert/x509/x509opt.cpp
index 345df1fe0..8a27fdbde 100644
--- a/src/cert/x509/x509opt.cpp
+++ b/src/cert/x509/x509opt.cpp
@@ -8,7 +8,7 @@
#include <botan/x509self.h>
#include <botan/oids.h>
#include <botan/parsing.h>
-#include <botan/time.h>
+#include <chrono>
namespace Botan {
@@ -78,16 +78,16 @@ void X509_Cert_Options::sanity_check() const
* Initialize the certificate options
*/
X509_Cert_Options::X509_Cert_Options(const std::string& initial_opts,
- u32bit expiration_time_in_seconds)
+ u32bit expiration_time)
{
is_CA = false;
path_limit = 0;
constraints = NO_CONSTRAINTS;
- const u64bit now = system_time();
+ auto now = std::chrono::system_clock::now();
start = X509_Time(now);
- end = X509_Time(now + expiration_time_in_seconds);
+ end = X509_Time(now + std::chrono::seconds(expiration_time));
if(initial_opts == "")
return;
diff --git a/src/cert/x509/x509path.cpp b/src/cert/x509/x509path.cpp
index fcf27841d..1d0667f85 100644
--- a/src/cert/x509/x509path.cpp
+++ b/src/cert/x509/x509path.cpp
@@ -9,8 +9,8 @@
#include <botan/parsing.h>
#include <botan/pubkey.h>
#include <botan/oids.h>
-#include <botan/time.h>
#include <algorithm>
+#include <chrono>
#include <memory>
namespace Botan {
diff --git a/src/cert/x509/x509path.h b/src/cert/x509/x509path.h
index 18129a236..fc784d429 100644
--- a/src/cert/x509/x509path.h
+++ b/src/cert/x509/x509path.h
@@ -10,7 +10,12 @@
#include <botan/x509cert.h>
#include <botan/certstor.h>
+<<<<<<< variant A
#include <set>
+>>>>>>> variant B
+#include <functional>
+####### Ancestor
+======= end
namespace Botan {
diff --git a/src/cert/x509/x509self.cpp b/src/cert/x509/x509self.cpp
index a2f89159f..c13772382 100644
--- a/src/cert/x509/x509self.cpp
+++ b/src/cert/x509/x509self.cpp
@@ -53,8 +53,8 @@ X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts,
opts.sanity_check();
- MemoryVector<byte> pub_key = X509::BER_encode(key);
- std::auto_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo));
+ std::vector<byte> pub_key = X509::BER_encode(key);
+ std::unique_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo));
load_info(opts, subject_dn, subject_alt);
Key_Constraints constraints;
@@ -99,8 +99,8 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts,
opts.sanity_check();
- MemoryVector<byte> pub_key = X509::BER_encode(key);
- std::auto_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo));
+ std::vector<byte> pub_key = X509::BER_encode(key);
+ std::unique_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo));
load_info(opts, subject_dn, subject_alt);
const size_t PKCS10_VERSION = 0;
@@ -134,7 +134,7 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts,
tbs_req.encode(
Attribute("PKCS9.ChallengePassword",
- DER_Encoder().encode(challenge).get_contents()
+ DER_Encoder().encode(challenge).get_contents_unlocked()
)
);
}
@@ -145,20 +145,17 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts,
.start_cons(SEQUENCE)
.encode(extensions)
.end_cons()
- .get_contents()
+ .get_contents_unlocked()
)
)
.end_explicit()
.end_cons();
- DataSource_Memory source(
- X509_Object::make_signed(signer.get(),
- rng,
- sig_algo,
- tbs_req.get_contents())
- );
+ const std::vector<byte> req =
+ X509_Object::make_signed(signer.get(), rng, sig_algo,
+ tbs_req.get_contents());
- return PKCS10_Request(source);
+ return PKCS10_Request(req);
}
}